<!DOCTYPE HTML>

<html lang="en">
<head>

<title>RequestHeaderAuthenticationFilter (spring-security-docs 5.6.3 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../../jquery/jquery-3.5.1.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
    try {
        if (location.href.indexOf('is-external=true') == -1) {
            parent.document.title="RequestHeaderAuthenticationFilter (spring-security-docs 5.6.3 API)";
        }
    }
    catch(err) {
    }
//-->
var data = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">

<div class="topNav"><a id="navbar.top">

</a>
<div class="skipNav"><a href="RequestHeaderAuthenticationFilter.html#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_top");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="RequestHeaderAuthenticationFilter.html#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="RequestHeaderAuthenticationFilter.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="RequestHeaderAuthenticationFilter.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="RequestHeaderAuthenticationFilter.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="RequestHeaderAuthenticationFilter.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">

</a></div>

</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>

<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.springframework.security.web.authentication.preauth</a></div>
<h2 title="Class RequestHeaderAuthenticationFilter" class="title">Class RequestHeaderAuthenticationFilter</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li>java.lang.Object</li>
<li>
<ul class="inheritance">
<li>org.springframework.web.filter.GenericFilterBean</li>
<li>
<ul class="inheritance">
<li><a href="AbstractPreAuthenticatedProcessingFilter.html" title="class in org.springframework.security.web.authentication.preauth">org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter</a></li>
<li>
<ul class="inheritance">
<li>org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><code>javax.servlet.Filter</code>, <code>org.springframework.beans.factory.Aware</code>, <code>org.springframework.beans.factory.BeanNameAware</code>, <code>org.springframework.beans.factory.DisposableBean</code>, <code>org.springframework.beans.factory.InitializingBean</code>, <code>org.springframework.context.ApplicationEventPublisherAware</code>, <code>org.springframework.context.EnvironmentAware</code>, <code>org.springframework.core.env.EnvironmentCapable</code>, <code>org.springframework.web.context.ServletContextAware</code></dd>
</dl>
<hr>
<pre>public class <span class="typeNameLabel">RequestHeaderAuthenticationFilter</span>
extends <a href="AbstractPreAuthenticatedProcessingFilter.html" title="class in org.springframework.security.web.authentication.preauth">AbstractPreAuthenticatedProcessingFilter</a></pre>
<div class="block">A simple pre-authenticated filter which obtains the username from a request header, for
use with systems such as CA Siteminder.
<p>
As with most pre-authenticated scenarios, it is essential that the external
authentication system is set up correctly as this filter does no authentication
whatsoever. All the protection is assumed to be provided externally and if this filter
is included inappropriately in a configuration, it would be possible to assume the
identity of a user merely by setting the correct header name. This also means it should
not generally be used in combination with other Spring Security authentication
mechanisms such as form login, as this would imply there was a means of bypassing the
external system which would be risky.
<p>
The property <code>principalRequestHeader</code> is the name of the request header that
contains the username. It defaults to "SM_USER" for compatibility with Siteminder.
<p>
If the header is missing from the request, <code>getPreAuthenticatedPrincipal</code> will
throw an exception. You can override this behaviour by setting the
<code>exceptionIfHeaderMissing</code> property.</div>
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>2.0</dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="field.summary">

</a>
<h3>Field Summary</h3>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.springframework.web.filter.GenericFilterBean">

</a>
<h3>Fields inherited from class&nbsp;org.springframework.web.filter.GenericFilterBean</h3>
<code>logger</code></li>
</ul>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.summary">

</a>
<h3>Constructor Summary</h3>
<table class="memberSummary">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Constructor</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="RequestHeaderAuthenticationFilter.html#%3Cinit%3E()">RequestHeaderAuthenticationFilter</a></span>()</code></th>
<td class="colLast">&nbsp;</td>
</tr>
</table>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">

</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>protected java.lang.Object</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="RequestHeaderAuthenticationFilter.html#getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest)">getPreAuthenticatedCredentials</a></span>&#8203;(javax.servlet.http.HttpServletRequest&nbsp;request)</code></th>
<td class="colLast">
<div class="block">Credentials aren't usually applicable, but if a <code>credentialsRequestHeader</code> is
set, this will be read and used as the credentials value.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>protected java.lang.Object</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="RequestHeaderAuthenticationFilter.html#getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest)">getPreAuthenticatedPrincipal</a></span>&#8203;(javax.servlet.http.HttpServletRequest&nbsp;request)</code></th>
<td class="colLast">
<div class="block">Read and returns the header named by <code>principalRequestHeader</code> from the
request.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="RequestHeaderAuthenticationFilter.html#setCredentialsRequestHeader(java.lang.String)">setCredentialsRequestHeader</a></span>&#8203;(java.lang.String&nbsp;credentialsRequestHeader)</code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="RequestHeaderAuthenticationFilter.html#setExceptionIfHeaderMissing(boolean)">setExceptionIfHeaderMissing</a></span>&#8203;(boolean&nbsp;exceptionIfHeaderMissing)</code></th>
<td class="colLast">
<div class="block">Defines whether an exception should be raised if the principal header is missing.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="RequestHeaderAuthenticationFilter.html#setPrincipalRequestHeader(java.lang.String)">setPrincipalRequestHeader</a></span>&#8203;(java.lang.String&nbsp;principalRequestHeader)</code></th>
<td class="colLast">&nbsp;</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter">

</a>
<h3>Methods inherited from class&nbsp;org.springframework.security.web.authentication.preauth.<a href="AbstractPreAuthenticatedProcessingFilter.html" title="class in org.springframework.security.web.authentication.preauth">AbstractPreAuthenticatedProcessingFilter</a></h3>
<code><a href="AbstractPreAuthenticatedProcessingFilter.html#afterPropertiesSet()">afterPropertiesSet</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)">doFilter</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#getAuthenticationDetailsSource()">getAuthenticationDetailsSource</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#principalChanged(javax.servlet.http.HttpServletRequest,org.springframework.security.core.Authentication)">principalChanged</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher)">setApplicationEventPublisher</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource)">setAuthenticationDetailsSource</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#setAuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler)">setAuthenticationFailureHandler</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager)">setAuthenticationManager</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#setAuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler)">setAuthenticationSuccessHandler</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#setCheckForPrincipalChanges(boolean)">setCheckForPrincipalChanges</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#setContinueFilterChainOnUnsuccessfulAuthentication(boolean)">setContinueFilterChainOnUnsuccessfulAuthentication</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#setInvalidateSessionOnPrincipalChange(boolean)">setInvalidateSessionOnPrincipalChange</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#setRequiresAuthenticationRequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)">setRequiresAuthenticationRequestMatcher</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#successfulAuthentication(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,org.springframework.security.core.Authentication)">successfulAuthentication</a>, <a href="AbstractPreAuthenticatedProcessingFilter.html#unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,org.springframework.security.core.AuthenticationException)">unsuccessfulAuthentication</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.springframework.web.filter.GenericFilterBean">

</a>
<h3>Methods inherited from class&nbsp;org.springframework.web.filter.GenericFilterBean</h3>
<code>addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext</code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.lang.Object">

</a>
<h3>Methods inherited from class&nbsp;java.lang.Object</h3>
<code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.detail">

</a>
<h3>Constructor Detail</h3>
<a id="&lt;init&gt;()">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>RequestHeaderAuthenticationFilter</h4>
<pre>public&nbsp;RequestHeaderAuthenticationFilter()</pre>
</li>
</ul>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">

</a>
<h3>Method Detail</h3>
<a id="getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getPreAuthenticatedPrincipal</h4>
<pre class="methodSignature">protected&nbsp;java.lang.Object&nbsp;getPreAuthenticatedPrincipal&#8203;(javax.servlet.http.HttpServletRequest&nbsp;request)</pre>
<div class="block">Read and returns the header named by <code>principalRequestHeader</code> from the
request.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="AbstractPreAuthenticatedProcessingFilter.html#getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest)">getPreAuthenticatedPrincipal</a></code>&nbsp;in class&nbsp;<code><a href="AbstractPreAuthenticatedProcessingFilter.html" title="class in org.springframework.security.web.authentication.preauth">AbstractPreAuthenticatedProcessingFilter</a></code></dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="PreAuthenticatedCredentialsNotFoundException.html" title="class in org.springframework.security.web.authentication.preauth">PreAuthenticatedCredentialsNotFoundException</a></code> - if the header is missing and
<code>exceptionIfHeaderMissing</code> is set to <code>true</code>.</dd>
</dl>
</li>
</ul>
<a id="getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getPreAuthenticatedCredentials</h4>
<pre class="methodSignature">protected&nbsp;java.lang.Object&nbsp;getPreAuthenticatedCredentials&#8203;(javax.servlet.http.HttpServletRequest&nbsp;request)</pre>
<div class="block">Credentials aren't usually applicable, but if a <code>credentialsRequestHeader</code> is
set, this will be read and used as the credentials value. Otherwise a dummy value
will be used.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="AbstractPreAuthenticatedProcessingFilter.html#getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest)">getPreAuthenticatedCredentials</a></code>&nbsp;in class&nbsp;<code><a href="AbstractPreAuthenticatedProcessingFilter.html" title="class in org.springframework.security.web.authentication.preauth">AbstractPreAuthenticatedProcessingFilter</a></code></dd>
</dl>
</li>
</ul>
<a id="setPrincipalRequestHeader(java.lang.String)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>setPrincipalRequestHeader</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;setPrincipalRequestHeader&#8203;(java.lang.String&nbsp;principalRequestHeader)</pre>
</li>
</ul>
<a id="setCredentialsRequestHeader(java.lang.String)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>setCredentialsRequestHeader</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;setCredentialsRequestHeader&#8203;(java.lang.String&nbsp;credentialsRequestHeader)</pre>
</li>
</ul>
<a id="setExceptionIfHeaderMissing(boolean)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>setExceptionIfHeaderMissing</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;setExceptionIfHeaderMissing&#8203;(boolean&nbsp;exceptionIfHeaderMissing)</pre>
<div class="block">Defines whether an exception should be raised if the principal header is missing.
Defaults to <code>true</code>.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>exceptionIfHeaderMissing</code> - set to <code>false</code> to override the default
behaviour and allow the request to proceed if no header is found.</dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>

<footer role="contentinfo">
<nav role="navigation">

<div class="bottomNav"><a id="navbar.bottom">

</a>
<div class="skipNav"><a href="RequestHeaderAuthenticationFilter.html#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_bottom");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="RequestHeaderAuthenticationFilter.html#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="RequestHeaderAuthenticationFilter.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="RequestHeaderAuthenticationFilter.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="RequestHeaderAuthenticationFilter.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="RequestHeaderAuthenticationFilter.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">

</a></div>

</nav>
</footer>
<script>if (window.parent == window) {(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-2728886-23', 'auto', {'siteSpeedSampleRate': 100});ga('send', 'pageview');}</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194" integrity="sha512-Gi7xpJR8tSkrpF7aordPZQlW2DLtzUlZcumS8dMQjwDHEnw9I7ZLyiOj/6tZStRBGtGgN6ceN6cMH8z7etPGlw==" data-cf-beacon='{"rayId":"7040ddebb8c297cf","token":"bffcb8a918ae4755926f76178bfbd26b","version":"2021.12.0","si":100}' crossorigin="anonymous"></script>
</body>
</html>
